functions/oAuth/Invoke-CreateAppTokenCertificate.ps1

function Invoke-EXRCreateAppTokenCertificate {
    [CmdletBinding()]
    param (
        [Parameter(Position = 0, Mandatory = $true)]
        [string]
        $CertName,
        
        [Parameter(Position = 1, Mandatory = $true)]
        [string]
        $CertFileName,
        
        [Parameter(Position = 2, Mandatory = $true)]
        [string]
        $ObjectId
    )
    Begin {
        if ($AccessToken -eq $null) {
            $AccessToken = Get-ProfiledToken -MailboxName $MailboxName  
            if ($AccessToken -eq $null) {
                $AccessToken = Get-EXRAccessToken -MailboxName $MailboxName       
            }                 
        }
        if ([String]::IsNullOrEmpty($MailboxName)) {
            $MailboxName = $AccessToken.mailbox
        }  
        $HttpClient = Get-HTTPClient -MailboxName $MailboxName

        $Cert = New-SelfSignedCertificate -certstorelocation cert:\currentuser\my -dnsname $CertName -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider'
        $SecurePassword = Read-Host -Prompt "Enter password for Certificate File" -AsSecureString
        $CertPath = "cert:\currentuser\my\" + $Cert.Thumbprint.ToString()
        Export-PfxCertificate -cert $CertPath -FilePath $CertFileName -Password $SecurePassword
        $bin = $cert.RawData
        $base64Value = [System.Convert]::ToBase64String($bin)
        $bin = $cert.GetCertHash()
        $base64Thumbprint = [System.Convert]::ToBase64String($bin)
        $keyid = [System.Guid]::NewGuid().ToString()
        Remove-Item $CertPath
        $RequestURL = "https://graph.microsoft.com/beta/applications('" + $ObjectId + "')"
        $PostContent = @{}
        $PostContent.Add("keyCredentials", @(@{ customKeyIdentifier = $base64Thumbprint; keyId = $keyid; type = "AsymmetricX509Cert"; usage = "Verify"; key = $base64Value }))
        $JsonPost = ConvertTo-Json -Depth 10 -InputObject $PostContent
        $JSONOutput = Invoke-RestPatch -RequestURL $RequestURL -HttpClient $HttpClient -AccessToken $AccessToken -MailboxName $MailboxName -Content $JsonPost
        if($JSONOutput.IsSuccessStatusCode){
            Return "Successfully created"
        }else{
            Return $JSONOutput
        }
        
        
    }
    
}